<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reset Your Account</title>


    
    
    
<style type="text/css">
body {
	font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
	font-size:12px;
}



 .success {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 60px;
	background-repeat: no-repeat;
	background-position: 10px center;
    
     width:450px;
     color: #4F8A10;
	background-color: #DFF2BF;
	background-image:url('images/success.png');
     
}



 .errormsgbox {
	border: 1px solid;
	margin: 0 auto;
	padding:10px 5px 10px 60px;
	background-repeat: no-repeat;
	background-position: 10px center;

     width:450px;
    	color: #D8000C;
	background-color: #FFBABA;
	background-image: url('images/error.png');
     
}

</style>

</head>
<body><?php
include ('database_connection.php');

if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email']))
{
    $email = $_GET['email'];
}
if (isset($_GET['key']) && (strlen($_GET['key']) == 32))//The Activation key will always be 32 since it is MD5 Hash
{
    $key = $_GET['key'];
}


if (isset($email) && isset($key))
{
$query_verify_email = "SELECT * FROM reset_password WHERE email ='$email' AND token = '$key'";
$result_verify_email = mysqli_query($dbc, $query_verify_email);
        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }
				        if (mysqli_num_rows($result_verify_email) > 0) { 
    // Update the database to set the "activation" field to null

		//Generate a RANDOM MD5 Hash for a password
	$random_password=md5(uniqid(rand()));
 
	//Take the first 8 digits and use them as the password we intend to email the user
	$emailpassword=substr($random_password, 0, 8);
 
	//Encrypt $emailpassword in MD5 format for the database
	$newpassword = hash('sha1',$emailpassword);
	
    $query_activate_account = "UPDATE members SET Password='$newpassword' WHERE(Email ='$email')LIMIT 1";

    $result_activate_account = mysqli_query($dbc, $query_activate_account) ;

    // Print a customized message:
    if (mysqli_affected_rows($dbc) == 1)//if update query was successfull
    {
	//remove the password reset request from the database
	$query_delete_pwrequest = "DELETE FROM reset_password WHERE(Email ='$email')LIMIT 1";
	$result_delete_pwrequest = mysqli_query($dbc, $query_delete_pwrequest) ;
	        if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }
    echo '<div class="success">A temporary password was sent to your E-mail. You may now <a href="login.php">Log in</a> and change it.</div>';
                // Send the email:
                $message = " Your new password to Jive Messenger :\n\n";
                $message .= $emailpassword."\n\n";
				$message .= WEBSITE_URL;
				
                mail($email, 'Jive Messenger password reset', $message, 'From: sskodje@gmail.com');
    } else
    {
        echo '<div class="errormsgbox">Oops !Your account could not be activated. Please recheck the link or contact the system administrator.</div>';

    }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That email
address is not registered.
</div>';
        }
		 mysqli_close($dbc);
} else {
        echo '<div class="errormsgbox">Error Occured .</div>';
		
}
		   

?>
</body>
</html>